Setting up a backup instance of your SurePassID authentication server for on-prem
If you are utilizing the on-premises version of the SurePassID Authentication Server, you have the option to set up a backup instance for enhanced reliability.
The SurePassID Authentication Server (SPAS) utilizes a SQL backend paired with a .NET application that operates under Internet Information Services (IIS). It is crucial to perform regular backups of both the database and the server. Of particular importance is the web.config file located in the primary Multi-Factor Authentication (MFA) folder, as it contains essential configuration details necessary for accessing the SQL database.
We highly recommend securely storing an encrypted copy of the web.config file, along with the site.lic file from the BIN folder, in a location that is separate from the SPAS server and preferably not accessible over the network without robust security measures in place. It is also recommended that the backup copy be stored in an offsite location (an encrypted key fob stored in a vault might work); a password manager such as 1Password might work as well.
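One way to produce the encrypted copy described above, shown as an added example and not SurePassID's own tooling. It uses PowerShell's built-in Protect-CmsMessage with a document-encryption certificate whose private key is kept off the SPAS server. Every path, the certificate file name and the folder layout are placeholder assumptions.

```powershell
# Added example: encrypt web.config and site.lic for offline storage.
# All paths below are placeholders (assumptions); adjust to your install.
param(
    [string]$WebConfigPath = 'C:\PLACEHOLDER\mfa\web.config',
    [string]$SiteLicPath   = 'C:\PLACEHOLDER\mfa\bin\site.lic',
    # Public half of a certificate with the Document Encryption EKU; the
    # private key stays off the SPAS server, with whoever performs restores.
    [string]$RecipientCert = 'C:\PLACEHOLDER\spas-backup-recipient.cer',
    [string]$OutDir        = 'C:\PLACEHOLDER\staging'
)
$ErrorActionPreference = 'Stop'

$files = @($WebConfigPath, $SiteLicPath)
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing file: $f" }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$work  = Join-Path $OutDir "spas-config-$stamp"
$zip   = "$work.zip"
$cms   = "$work.zip.cms"
New-Item -ItemType Directory -Path $work | Out-Null

try {
    Copy-Item -LiteralPath $files -Destination $work

    # SHA-256 manifest travels inside the encrypted archive so a restore
    # can confirm the files are intact.
    $sums = Get-ChildItem -LiteralPath $work -File |
        Get-FileHash -Algorithm SHA256 |
        ForEach-Object { '{0}  {1}' -f $_.Hash, (Split-Path $_.Path -Leaf) }
    Set-Content -LiteralPath (Join-Path $work 'SHA256SUMS.txt') -Value $sums

    Compress-Archive -Path (Join-Path $work '*') -DestinationPath $zip

    # Protect-CmsMessage takes text, so the zip is base64-encoded first.
    $b64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($zip))
    Protect-CmsMessage -To $RecipientCert -Content $b64 -OutFile $cms
}
finally {
    # Remove plaintext staging copies whether or not encryption succeeded.
    Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
    Remove-Item -LiteralPath $zip -Force -ErrorAction SilentlyContinue
}

# Hash of the encrypted file, to record alongside the offsite copy.
Get-FileHash -LiteralPath $cms -Algorithm SHA256 | Format-List Path, Hash
```

To restore, run Unprotect-CmsMessage -Path on the .cms file on a machine that holds the certificate's private key, base64-decode the output back into the zip, and compare the extracted files against SHA256SUMS.txt.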
It is advisable to conduct full backups of the SQL database at least once a week and to verify the recoverability of the database through periodic testing.
Regular SQL database maintenance is essential for optimizing performance and keeping the database manageable in size. To assist with this, you can find scripts in the SurePassID DatabaseUtil folder designed for weekly and monthly tasks. These scripts help with activities such as rebuilding indexes and removing outdated log data. The filenames are intuitive, making it easy to identify their specific functions.
Having both the web.config file and the database allows for the potential recovery of the SPAS setup from scratch, or the ability to replace a corrupted version of either the database or the configuration file if necessary.
For virtual machines (VMs), we recommend performing periodic backups of the entire VM to facilitate quick recovery with minimal effort. It is considered best practice to utilize a backup solution capable of quiescing the database prior to taking a snapshot whenever possible.
The recommended setup for SQL backup and recovery is to configure it as "simple," ensuring that a reliable copy of the database can be restored when needed.
Given that the SPAS is built on a SQL backend with an IIS/.NET frontend, it is important to adhere to standard best practices regarding backup and recovery. Maintaining an offline copy of the web.config file in a secure location further enhances the likelihood of a successful recovery.